Cisco Support Community
New Member

PIX- shell authorization and accounting

Hi,

I've configured my PIX to make a telnet authentication with a TACACS ACS server, now I've configured this to take a per user authorization for the exec commands and it works fine, but:

when the ACS goes down nobody can type a command; the PIX says "authorization failed".

Is there a method to specify a local authorization when the ACS is unreachable?

Are there some commands for accounting the commands typed by the users?

Thanks VM

Graz.

1 REPLY
Cisco Employee

Re: PIX- shell authorization and accounting

There is no fallback, so if TACACS goes down, no LOCAL.

There is no actual command accounting available, but by having syslog activated on the PIX, it will show who did what, as shown in the following example:

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

611103: User logged out: Uname: pixtest

307002: Permitted Telnet login session from 172.18.124.111

111006: Console Login from pixtest at console

502103: User priv level changed: Uname: pixtest From: 1 To: 15

111008: User 'pixtest' executed the 'enable' command.

111007: Begin configuration: 172.18.124.111 reading from terminal

111008: User 'pixtest' executed the 'configure t' command.

111008: User 'pixtest' executed the 'write t' command.

R/Yusuf
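
The reply's use of syslog as the command record, shown as an added example (not code from the thread or from Cisco): it groups the message IDs listed above into per-login sessions with their privilege changes and commands. Pairing each 307002 source address with the next 111006 login is an assumption of this example, as are the function and field names.

```python
import re

SAMPLE = """\
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
611103: User logged out: Uname: pixtest
307002: Permitted Telnet login session from 172.18.124.111
111006: Console Login from pixtest at console
502103: User priv level changed: Uname: pixtest From: 1 To: 15
111008: User 'pixtest' executed the 'enable' command.
111007: Begin configuration: 172.18.124.111 reading from terminal
111008: User 'pixtest' executed the 'configure t' command.
111008: User 'pixtest' executed the 'write t' command.
"""  # log lines copied from the reply above

# Patterns follow only the message shapes shown in the thread.
PATTERNS = {
    "src": r"307002: Permitted Telnet login session from (?P<src>\S+)",
    "login": r"111006: Console Login from (?P<user>\S+) at",
    "logout": r"611103: User logged out: Uname: (?P<user>\S+)",
    "priv": r"502103: .*Uname: (?P<user>\S+) From: (?P<old>\d+) To: (?P<new>\d+)",
    "cmd": r"111008: User '(?P<user>[^']*)' executed the '(?P<cmd>.*)' command",
}


def audit(lines):
    """Group privilege changes and commands into per-login sessions."""
    sessions, active, pending_src = [], {}, None
    for line in lines:
        kind, f = next(((k, m.groupdict()) for k, p in PATTERNS.items()
                        if (m := re.search(p, line))), (None, {}))
        if kind == "src":
            pending_src = f["src"]  # assumption: the next login came from here
        elif kind == "logout":
            active.pop(f["user"], None)
        elif kind:  # login, priv or cmd; unrecognised lines have kind None
            if kind == "login" or f["user"] not in active:
                # New login, or activity whose login predates the capture.
                src = pending_src if kind == "login" else None
                pending_src = None if kind == "login" else pending_src
                active[f["user"]] = {"user": f["user"], "src": src,
                                     "priv": [], "commands": []}
                sessions.append(active[f["user"]])
            if kind == "priv":
                active[f["user"]]["priv"].append((int(f["old"]), int(f["new"])))
            elif kind == "cmd":
                active[f["user"]]["commands"].append(f["cmd"])
    return sessions
```

Calling `audit(SAMPLE.splitlines())` returns one dictionary per login; a command from a user with no login in the capture gets its own session with `src` set to `None`, so it is not attributed to the wrong address.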
